Businesses feeling more confident in cloud security

More than half of all respondents said their organization is transferring sensitive or confidential data to the cloud – an increase of about 10% compared with last year’s study.

“Staying in control of sensitive or confidential data is paramount for most organizations today, and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.

The research showed a marked increase in confidence among respondents in the ability of cloud providers to protect the sensitive and confidential data entrusted to them – up from 41% (2011) to 56% (2012). More than 60% of respondents that use cloud today believe the cloud provider has primary responsibility for protecting that data, and 22% believed the cloud consumer to be responsible. However, the pattern is reversed for users of infrastructure-as-a-service (IaaS) cloud offerings.

Excluding network-level encryption tools such as SSL, on a global basis the use of encryption to protect data before it goes to the cloud is 33% higher than the use of encryption within the cloud itself. When encryption is applied inside the cloud, it is more than a third more common in software-as-a-service (SaaS) offerings than other service types.

However, just over half of respondents say they don’t know what their cloud provider actually does to protect their data – and only 30% say they do know. But, again, this is an improvement on last year where 62% of respondents said they didn’t know what measures their cloud provider took to protect their data.

The firms also found that when it comes to key management, there is still no clear picture as to perceived responsibility. In most cases, the respondents report that their own organizations look after their own keys; however, this has declined from the previous year (36% and 29%, respectively). There is also an apparent shift toward key management being perceived to be a shared responsibility between cloud user and cloud provider. This might point to the growing interest in key management standards, the survey found, and in particular the OASIS Key Management Interoperability Protocol (KMIP). Cloud encryption has been identified as the most valuable usage scenario for the new protocol.

“Perceived responsibility for data protection, awareness of security measures, confidence and impact on overall security posture illustrate important regional and service type differences, but overall the trend is positive,” Ponemon said. “Respondents generally feel better informed, more confident in their cloud service providers and more positive about the impact on their security posture compared with last year.”